Applicants respectfully request the Examiner to reconsider and withdraw 
these rejections. 

The claims are directed to a security management method and system 
for supporting security management of managing systems constituting an 
information system. According to the present invention, a plurality of security 
control names and names for obtaining the status/changing configuration of 
the security control means, information security policy management and 
inspection supporting device are provided so as to aid in the simplified control 
and management of security conditions of an information system while 
conforming to security policy. According to the present invention, the security 
management method and system inspects whether the managed system is 
constructed and operated in conformity to the policy established in the design 
phase of such information system and is able to make changes in 
configurations of the managed systems when there is a problem by feeding 
back such information identifying such problems to the security management 
method and system. 

The above described features of the present invention now more 
clearly recited in the claims are not taught or suggested by Wiegel, Grimm or 
Cert whether taken individually or in combination with each other as 
suggested by the Examiner. 

Numerous arguments were presented in the Remarks of the 
Amendment filed on April 18, 2005, said Remarks being incorporated herein 
by reference. It was particularly shown in said Remarks that Wiegel, Grimm 
and Cert whether taken individually or in combination with each other fail to 
teach or suggest the features of the present invention. However, the 
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Examiner apparently does not agree with these arguments and incorrectly 
states that "Applicants argument fail to comply with 37 CFR §1.1 1 1(b) 
because they amount to a general allegation that the claims define a 
patentable invention with specifically pointing out how the language of the 
limitations of the claims patentably distinguishing them from the references of 
record". This allegation is entirely incorrect being that Applicants specifically 
identified features of the present invention not taught or suggested by the 
references of record. The Examiner's attention is directed to pages 15 and 16 
of the Remarks of the April 18, 2005 Amendment in which specific passages 
of the claims were identified and it was shown how these specific passages 
are not taught or suggested by the references of record. These passage of 
the Remarks fully comply with the requirements of 37 CFR §1.1 1 1(b) in that 
they show how the language of the claims define a patentable invention 
relative to the references of record. 

To further comply with said requirements of 37 CFR §1 . 1 1 1 (b) the 
following is provided. 

Wiegel teaches a graphical network security policy management 
method and system which supports the establishment of a security policy in 
the form of a decision tree that is constructed by assembling graphical 
symbols representing policy actions and policy conditions. As taught by 
Wiegel, a user modifies properties of the graphical symbols to create a logical 
representation of the policy while the logical representation is transformed into 
a textual script that represents the policy and the script is displayed as the 
user works with the logical representation. The script is then translated into 
machine instructions that govern the operation of a network gateway or 
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firewall. However, at no point is there any teaching or suggestion in Wiegel of 
providing security control means and means for obtaining status of security of 
different managed systems and to change configuration of the managed 
systems for controlling a security both during the design phase and during the 
operation phase as in the present invention. The system taught by Wiegel 
could support the establishment of security policies. However, the system 
taught by Wiegel is not intended to inspect whether the system operates in 
conformity to the security policy established during the design as in the 
present invention such as, for example, during operation of the system as in 
the present invention. 

Thus, Wiegel fails to teach or suggest a security specification hatching 
step of executing an information security policy which corresponds to each 
managed system constituting an information system designated by a user 
from a database describing a correspondence between information security 
policies representing policies of security measures with at least one managed 
system and the managed systems, to hatch security specification to be 
applied to the information system as recited in the claims. 

Further, Wiegel fails to teach or suggest a security diagnosis step of 
executing a plurality of audit programs describing a processing for auditing 
various information including a type of the managed and a software version, 
which are stored so as to correspond to each set of the information security 
policy and the managed system which are specified by the hatched security 
specifications as well as by a security status to audit the various information 
including the type of the software version of the managed system constituting 
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the information system designated by the user and diagnose a security of the 
information system as recited in the claims. 

Still further, Wiegel fails to teach or suggest a security handling and 
management step of executing a management program designated by the 
user from a plurality of management programs describing a process for 
controlling the security status concerning the security policy of the managed 
system stored so as to correspond to each set of the information security 
policy and the managed system which are specified by the hatched security 
specifications to allow the electronic computer to change the security status of 
the managed system corresponding to the management program so as to 
adjust the security status to the information security policy corresponding to 
the management program as recited in the claims. 

The above noted deficiencies of Wiegel are also evident in Grimm. 
Therefore, combining the teachings of Wiegel and Grimm in the manner 
suggested by the Examiner in the Office Action still fails to teach or suggest 
the features of the present invention as now more clearly recited in the claims. 

Grimm teaches a process for transparently enforcing protection 
domains and access control as well auditing operations and software 
components. Grimm specifically teaches an introspection service for 
analyzing software component and an interposition service for correcting the 
software components as its constituents elements. Grimm the same as 
Wiegel fails to teach or suggest the above described features of the present 
invention regarding the providing of security control means and means for 
obtaining the status and changing the configuration of the security control 
means in the appropriate manner relative to the security specifications. Thus, 
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at no point is there any teaching or suggestion in Grimm of the above 
described features of the present invention regarding the security specification 
hatching step, the security diagnosing step and the security handling and 
management step as recited in the claims. 

Thus, as is quite clear from the above both Wiegel and Grimm fail to 
teach or suggest the features of the present invention as now more clearly 
recited in the claims. Therefore, combining the teachings of Wiegel and 
Grimm in the manner suggested by the Examiner still fails to teach or suggest 
the features of the present invention as now more clearly recited in the claims. 
Accordingly, reconsideration and withdrawal of the 35 USC §1 03(a) rejection 
of claims 8-1 1 and 13 as being unpatentable over Wiegel in view of Grimm is 
respectfully requested. 

The above noted deficiencies of Wiegel and Grimm are also not 
supplied by Cert. Cert is merely relied upon by the Examiner for an alleged 
teaching of security information published by a security information 
organization including Cert. Thus, at no point is there any teaching or 
suggestion in Cert of the above described features of the present invention 
regarding the security specification hatching step, the security diagnosis step 
and the security handling and management step as recited in the claims. 

Thus, Cert suffers from the same deficiencies relative to the features of 
the present invention as recited in the claims as Wiegel and Grimm. 
Therefore, combining the teachings of Wiegel, Grimm and Cert in the manner 
suggested by the Examiner in the Office Action still fails to teach or suggest 
the features of the present invention as now more clearly recited in the claims. 
Accordingly, reconsideration and withdrawal of the 35 USC §1 03(a) rejection 
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of claim 12 as being unpatentable over Wiegel, Grimm and Cert is respectfully 
requested. 

The remaining references of record have been studied. Applicants 
submit that they do not supply any of the deficiencies noted above with 
respect to the references utilized in the rejection of claims 8-13. 

In view of the foregoing amendments and remarks, applicants submit 
that claims 8-13 are in condition for allowance. Accordingly, early allowance 
of claims 8-13 is respectfully requested. 

To the extent necessary, the applicants petition for an extension of time 
under 37 CFR 1.136. Please charge any shortage in fees due in connection 
with the filing of this paper, including extension of time fees, or credit any 
overpayment of fees, to the deposit account of MATTINGLY, STANGER, 
MALUR & BRUNDIDGE, P.C., Deposit Account No. 50-1417 
(566.39530VX1). 

Respectfully submitted, 




CIB/jdc Carl I. Brundidge 

Attachments Registration No: 29,621 

703/684-1 120 MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C. 
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